//Be aware: modifying this file in any way will cause a pop-up to users telling them the privacy policy has changed.
html(lang="en")
  body
    span(id="last-changed")
      | Last changed on:
      |
      time(id="changed-date" datetime=lastTime) #{lastTime}
      |
      | (
      i
        a(href="https://github.com/compiler-explorer/compiler-explorer/commit/" + lastCommit target="_blank") diff
      | )

    h2 Compiler Explorer Privacy Policy

    p
      | Thanks for your interest in what Compiler Explorer does with your data. Data protection is really
      | important to the Compiler Explorer team, and we want to be very clear about what we do with your data.

    h3 Who we are

    p
      | Compiler Explorer was created by and is primarily administrated by
      |
      a(href="mailto:matt@godbolt.org") Matt Godbolt
      | , along with a number of volunteers (including, but not limited to those listed in our "
      a(href="https://github.com/compiler-explorer/compiler-explorer/blob/main/AUTHORS.md"
        target="_blank" rel="noreferrer noopener") Authors
      | " documentation).
      | It is run on a best-effort basis, and is not a commercial product. We do our best
      | to keep your data safe, but welcome help from the community: See our
      |
      a(href="https://github.com/compiler-explorer/compiler-explorer"
        target="_blank" rel="noreferrer noopener") GitHub project page
      |
      | if you wish to help.

    h3 Your data

    p
      | In order to process compilation and execution requests, your browser sends the source code you typed in the editor
      | window along with your chosen compiler and options to the Compiler Explorer servers. There, the source code is
      | written to disk and your chosen compiler is invoked on it. If your request was to have your code executed, the
      | resulting executable is run. The outputs from compilation and execution are processed and sent back to your web
      | browser, where they're shown. Shortly after this process completes, your source code is deleted from disk. If, in
      | processing your query, an issue with Compiler Explorer is found, your code may be kept for up to a week in order to
      | help debug and diagnose the problem. Only the Compiler Explorer team will have access to your code, and only for the
      | purposes of debugging the site: we will never share your code with anyone.

    p
      | The source code and options are also subject to a one-way hash, which is used to cache the results to speed up
      | subsequent compilations of the same code. The cache is in-memory and on-disk. It's impossible to reconstruct the
      | source code from the hash, but the resulting assembly code or binary output (the compilation result) is stored as
      | plain text. There's no way to enumerate the in-memory cache contents. In exceptional cases, administrator members of
      | the Compiler Explorer team may be able to enumerate the disk caches and retrieve the compilation output, but with no
      | way to trace it back to the source code.

    p
      | In short: your source code is stored in plaintext for the minimum time feasible to be able to process your request.
      | After that, it is discarded and is inaccessible. In very rare cases your code may be kept for a little longer (at
      | most a week) to help debug issues in Compiler Explorer.

    h4 Short links

    p
      | If you choose to share your code using the "Share" dropdown, then the user interface state including the source code
      | is stored. For a "Full" link, this information is encoded into the URL as a URL hash (e.g.
      | #[code https://godbolt.org/#ui_state_and_code]). For short URLs, the interface state is stored on
      | Compiler Explorer's servers, and a shortened name uniquely
      | referring to this data is returned. The shortened name comes from a secure hash of the state, and without
      | knowing the name it is infeasible to access the data. Only Compiler Explorer administrators can access this data
      | directly. Obfuscated IP addresses and creation time are stored alongside this data, to enable spam detection.
      | Links of this form look like #[code https://godbolt.org/z/SHORTNAME].

    p
      | Prior to storing data itself, Compiler Explorer used an external URL shortening service (
      a(href="https://goo.gl/" target="_blank") goo.gl
      | ) and the resulting short URL was rewritten as #[code https://godbolt.org/g/SHORTURLPART].
      | The storage for the user experience state in this case remains with the short URL provider,
      | not Compiler Explorer.

    h4 Application, web and error logs

    p
      | Compiler Explorer keeps application logs, which contain semi-anonymised IP addresses, but no other personally
      | identifying information. When a long URL is clicked, the hash part of the URL is not sent to the server, so the user
      | state (including the source code) is NOT exposed in the web log. If a user clicks a short URL, then the short form
      | #[em is] exposed in the web log (as #[code https://godbolt.org/g/SHORTURLPART]) and from this the source code can be
      | retrieved. As such, if you create a short URL of your code, your source
      | code and other user state can in principle be retrieved from the web log of Compiler Explorer.

    p
      | Compiler Explorer keeps a separate compile request log for Analytics purposes without identifying information.
      | This log only contains the settings which were used - minus code and options that may contain sensitive data.

    p
      | Compiler Explorer uses Amazon's web serving, load balancing and edge caching systems. In order to debug and diagnose
      | Compiler Explorer, to help track down and block Denial of Service attacks, and to gather statistics about Compiler
      | Explorer's performance and usage, the logs from these systems are archived. These logs contain the full IP addresses
      | of requests. They are kept for no more than one month, after which they are permanently deleted.

    p
      | If your web browser experiences an error, we use a third party reporting system (
      a(href="https://sentry.io/" target="_blank") Sentry
      | ). This keeps information, including your IP address and web browser user agent, for no more than 90 days.

    h4 Executing your code

    p
      | For certain configurations, we may support executing the results of your compilation on the Compiler Explorer
      | servers. Execution occurs in a heavily locked-down, isolated environment. We have made reasonable efforts to protect
      | both the Compiler Explorer site and other concurrently-processed requests from information leakage due to rogue
      | executions.

    h4 Cookies

    p
      | Compiler Explorer uses small pieces of information stored on your computer: Cookies and Browser Local
      | Storage (and Session Storage). Local storage is used to remember the user's settings, source code and user interface configuration, so
      | that it's available when the user visits the Compiler Explorer site again. This information is not transmitted to
      | Compiler Explorer, except as described above in order to fulfil the user's requests. There is a
      |
      a(href="#cookies" rel="noreferrer noopener") separate document
      |
      | covering more on this.

    h3 Your choices

    p
      | Compiler Explorer is an open source project. If you are concerned about any of the data protection measures outlined
      | above, or about what happens to your source code, you are encouraged to run your own local instance of Compiler
      | Explorer. Instructions on how to do this are on the
      |
      a(href="https://github.com/compiler-explorer/compiler-explorer"
        target="_blank" rel="noreferrer noopener") GitHub project page
      | .

    h3 Compiler Explorer and the GDPR

    p
      | The Compiler Explorer team believes the Compiler Explorer site is compliant with the EU's General Data Protection
      | Regulation (GDPR). Specifically, we store no personally identifying information, we anonymise the little data that
      | we do have and we do not permanently store any user data.

    h4 Name and Address of the controller

    p
      | The Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws
      | applicable in Member states of the European Union and other provisions related to data protection is:

    div
      | Matt Godbolt
      br
      | 2626 Orrington Ave
      br
      | Evanston IL 60201 USA
      br
      | +1 312 792-7931<br>
      a(href="mailto:matt@godbolt.org") matt@godbolt.org
